Migrating from a Stretch to a Buster server

Upgrade or reinstall?

I recommend that you set up a new server and make sure that the new mail server is working correctly before you start migrating existing email users to it. You may argue that Debian can be upgraded easily using “apt-get dist-upgrade” but that is very dangerous on a live mail server. Automatic configuration changes may have evil side effects and you will likely lose emails. At least you are causing a serious downtime for your users.

If you follow my advice then get a new server and install Debian Buster on it. Once the users are migrated properly and all works well you can tear down the old server.

Read before you type

Follow this guide to the end. Only then start attempting a migration. Inform your users about the migration and set a time when you intend to move email accounts to the new server. The change will require a DNS change which takes a while to be visible worldwide so your users will have a period when incoming email is delayed. If you proceed properly not a single email will be lost though.

So you have your new server up and running and did everything to make it a working mail server? You really read all the pages in this guide and did what they told you? Okay, then let’s start.

Turn down the TTL of your MX record

The DNS “MX” record for your domain contains the hostname of your mail server. When switching to the new server you need to change the MX record. Every DNS record has a TTL (time-to-live) that defines the period of time that a record will stay valid even after you change it. Usually that TTL is rather high like 86400 seconds (=1 day). This information is used by caching name servers that they can use the cached values for a day. Turn that TTL down temporarily to 60 seconds so that the rest of the internet will pick up your change quicker. However it will take a day.

Migrate the mailserver database

You need to copy the database that contains the control data about your email domains and accounts. Log into the old (Stretch) server as root and back up the mailserver database. That is as easy as running…

mysqldump mailserver > mailserver.sql

Copy that file to the new server (using scp) and import it there:

mysql mailserver < mailserver.sql

Obviously any database changes on the old server from now on will have to be done on the new server as well until the migration is done.

One simple schema change is necessary though. The virtual_users table has a new field called “quota”. This SQL query adds it:

Roundcube contacts

You should consider migrating the contacts that your users manage in Roundcube. I have not done that but it seems that dumping and restoring the roundcube database should do the trick.

Migrate the Maildirs hot

Fortunately Dovecot uses the maildir format that stores emails as plain files on disk. Login to the new (Buster) server and use rsync to copy over the mails from the old (Stretch) mail server:

rsync -va stretchserver:/var/vmail/ /var/vmail/

(Note the trailing slashes. Type them exactly as shown above or your files will end up in wrong places.)

There is no need to shut down Dovecot on your productive Stretch server. Copying the files while Dovecot is running will not break anything. This is called a “hot copy”. It may not be consistent but it will save time during the final synchronisation.

Downtime

You told your users about the downtime, right? The time has come? Okay. Shut down Dovecot on both servers.

Migrate the emails cold

Let’s synchronize again. rsync will only copy those files that have changed which makes it much faster than the first sync. On your new server run:

rsync -va --delete stretch-server:/var/vmail/ /var/vmail/

(The “–delete” option makes sure that files that have been removed from the old server will also be deleted from the new server.)

Switch the DNS records

For all your domains you will have to change the DNS “MX” or “A” record to point to your new server.

Enable soft_bounce

Accidents happen. And you don’t want to lose emails. So run this command to enable your safety net on the new server:

postconf soft_bounce=yes

Now Postfix will always keep emails in the queue that it would otherwise reject. Start Postfix and Dovecot on the new server. Watch your /var/log/mail.log and run “mailq” from time to time to see what emails get stuck in the queue. If you are certain that emails can be removed then use “postsuper -d QUEUE-ID” (as shown in the “mailq” output).

Once you are certain that emails are properly received and sent you can switch off the soft_bounce mode again:

postconf soft_bounce=no

Shut down the old server

If possible do a final backup of the old server. If users are not complaining then dismiss the old system after a week.

Hi Adam. A changing IP should not be a problem as long as you are not accidentally getting on IP RBLs (real-time blacklists).

Using LXC/containers sounds interesting but it would be a lot of work. You would probably need several containers for Postfix, Dovecot, MariaDB (which I would not want to run as a container in production). There are ways to use a systemd emulation to run several processes in a single container. But that sounds like a task that would get you into an “office” with rubbery walls. 🙂

Maybe your ISP allows you to reserve IP addresses. That way you can migrate the IP to the new server when you are ready.

Hello, about the PBL issue, i really dont know if all smtp servers using the database, but in my case, i manually unblock my IP in the following site:https://www.spamhaus.org/faq/section/Spamhaus%20PBL
( cause in the postfix logs i see the target mail server reject me because of a call in this place above, and also it was kind enough so to let me know 😉 )
Even if my IP is a dynamic and i block that day’s IP, since then my IP doesnt block anymore. So, i think that service also looks domain names not only IP address, not matter if the query is IP driven.

… i enjoy reading your tutorial. I just setup a personal email server on debian 10 using postfix/dovecot, one week now, without know just nothing. An email server is just a whole ‘serverspace’, with its own rules and language. Programming is always as simple as 1+1, but to carry this simplicity and moreover to tranfer it to the other, you must own your subject …
anyway…, thanks

@al: If you have many services on one server, it is indeed important to move these services one after the other to a new server. If you just upgrade the OS on the one server with (let’s say) 20 services and you only expect 30 minutes per service to check and correct any issues, you will have a downtime of 10 hours for your users. And working under such pressure is error-prone.

Of course, you can clone the system and do a dry-run with the clone, to see how the upgrade works, but the safe way is to use a new server.

There is missing a step in between exporting and importing the mysql dump.
You will have to create the database manually before import, or you will be presented with the error:
ERROR 1049 (42000): Unknown database ‘mailserver’

Simply run “mysql” followed by “create database mailserver;” before importing it.

If any of the content on workaround.org has made your daily life less miserable you are invited to donate via Paypal to email@christoph-haas.de. I also have a wish list of Amazon things for my projects if you would like to surprise me. However please don't feel obliged.